What can I do about this clause?

{'method': 'WEB_FORM', 'recipient': 'https://account.microsoft.com/privacy', 'difficulty': 'EASY', 'action_type': 'EXPORT_DATA', 'instructions': 'Visit your Microsoft account privacy dashboard at account.microsoft.com/privacy to review, download, or manage data associated with your Microsoft account and AI services.', 'deadline_days': None, 'deadline_hours': None}

Which regulatory agencies enforce this type of clause?

{'agency': 'FTC', 'reason': 'The FTC has jurisdiction over data privacy practices and can act if privacy-by-design commitments are not honored in consumer-facing AI products.', 'full_name': 'Federal Trade Commission (FTC)', 'description': 'Oversees unfair or deceptive business practices and can investigate companies that mislead consumers about data collection, sharing, or use.', 'who_can_file': "Anyone affected by the company's practices (US or international)", 'complaint_url': 'https://reportfraud.ftc.gov/', 'what_you_need': 'Your account details, a timeline of relevant events, and a description of the specific issue', 'what_to_expect': 'Complaints inform FTC enforcement priorities and investigations but do not result in individual resolution or compensation'}

What is the severity of this clause?

ConductAtlas classifies this Privacy and Security by Design in AI clause as medium severity. Severity reflects the magnitude of rights affected, the breadth of users impacted, and the degree of discretion the platform retains.

Privacy and Security by Design in AI — Microsoft

Share 𝕏 Share in Share 🔒 PDF

Monitor governance changes for Microsoft Create a free account to receive the weekly governance digest and monitor one platform for governance changes.

Create free account No credit card required.

Document Record

What it is

Microsoft states that privacy and security are built into AI systems from the ground up, meaning data protection is considered at the design stage rather than added afterwards.

ⓘ

This analysis describes what Microsoft's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology

ConductAtlas Analysis

Why it matters (compliance & governance perspective)

This means Microsoft's AI products are supposed to handle your personal data with privacy protections embedded at their core, not treated as an afterthought — which matters for products like Copilot that process workplace communications.

Consumer impact (what this means for users)

This document describes Microsoft's self-imposed ethical standards for how AI is developed and deployed in products consumers use daily, including Copilot and Azure AI services. While it does not grant enforceable legal rights, it signals the governance guardrails around AI systems that may affect decisions about your data, content, and interactions. Consumers benefit indirectly from commitments to fairness, human oversight, and privacy-by-design, but have no direct contractual recourse based on this document alone.

What you can do

⚠️ These actions may provide transparency or partial mitigation but may not fully address the underlying issue. Effectiveness varies by jurisdiction and individual circumstances.

Export Your Data

Visit your Microsoft account privacy dashboard at account.microsoft.com/privacy to review, download, or manage data associated with your Microsoft account and AI services.

Cross-platform context

See how other platforms handle Privacy and Security by Design in AI and similar clauses.

Compare across platforms →

Monitoring

Microsoft has changed this document before.

Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.

Start Monitor free trial Or create a free account →

ConductAtlas Analysis

Institutional analysis (Compliance & governance intelligence)

Privacy-by-design commitments directly engage GDPR Article 25 and CCPA requirements; institutional buyers should cross-reference these commitments against Microsoft's Data Processing Addendum and product-specific privacy documentation for enforceable obligations.

Full compliance analysis

Regulatory citations, enforcement risk, and due diligence action items.

Track 1 platform — free Try Monitor free for 14 days

Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.

Applicable agencies

Federal Trade Commission (ftc)

Oversees unfair or deceptive business practices and can investigate companies that mislead consumers about data collection, sharing, or use.

Who can file: Anyone affected by the company's practices (US or international)

What you need: Your account details, a timeline of relevant events, and a description of the specific issue

What to expect: Complaints inform FTC enforcement priorities and investigations but do not result in individual resolution or compensation

File a complaint →

Provision details

Document information

Document

Microsoft Responsible AI Standard

Entity

Microsoft

Document last updated

May 12, 2026

Tracking information

First tracked

March 6, 2026

Last verified

March 9, 2026

Record ID

CA-P-00019003

Document ID

CA-D-00019

Evidence Provenance

Source URL

https://www.microsoft.com/en-us/ai/responsible-ai

Wayback Machine

View archived versions →

Content hash (SHA-256)

b1a3c9ea91c0c2bc587bbe6a4bf29489352b8ef4dbae786965e33d6449988ef0

Analysis generated

March 6, 2026 19:48 UTC

Methodology

summarize_document-v7

Evidence

✓ Snapshot stored ✓ Hash verified

Citation Record

Entity: Microsoft
Document: Microsoft Responsible AI Standard
Record ID: CA-P-00019003
Captured: 2026-03-06 19:48:27 UTC
SHA-256: b1a3c9ea91c0c2bc…
URL: https://conductatlas.com/platform/microsoft/microsoft-responsible-ai-standard/privacy-and-security-by-design-in-ai/
Accessed: June 10, 2026

Permanent archival reference. Stable identifier suitable for legal filings, compliance documentation, and research citation.

Classification

Severity

Medium

Other risks in this policy

Six Core Responsible AI Principles medium
Responsible AI Standard (Internal Governance Instrument) medium
Human Oversight and Control Mechanisms medium
Fairness and Bias Testing Commitments medium
Transparency in AI Systems low
Accountability and Governance Structure (Office of Responsible AI) low

Compliance Governance Intelligence

Need to monitor specific governance provisions?

Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.

Arbitration clauses AI governance Data rights Indemnification Retention policies

Start Compliance free trial

Or start with Monitor →

Built from archived source documents, structured governance mappings, and historical version tracking.

Frequently Asked Questions

What does Microsoft's Privacy and Security by Design in AI clause do?

Is ConductAtlas affiliated with Microsoft?

No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Microsoft.